Jan 29 2021

Lebanese Cedar APT group broke into telco and ISPs worldwide

Category: APTDISC @ 1:33 pm

Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world.

Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted companies around the world.

The APT group has been active since 2012, experts linked the group to the Hezbollah militant group.

The activities of the group were first spotted by Check-Point and Kaspersky labs in 2015.

ClearSky experts linked the Lebanese Cedar group to intrusions at telco companies, internet service providers, hosting providers, and managed hosting and applications companies.

The attacks began in early 2020 and threat actors breached internet service providers in the US, the UK, Egypt, Israel, Lebanon, Jordan, the Palestinian Authority, Saudi Arabia, and the UAE.

“Based on a modified JSP file browser with a unique string that the adversary used to deploy ‘Explosive RAT’ into the victims’ network, we found some 250 servers that were apparently breached by Lebanese Cedar” reads the report published by the ClearSky. “We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years.”

Leave a Reply

You must be logged in to post a comment. Login now.